package cn.dlc.com.controller;

import cn.dlc.com.domain.SysUser;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;

@Controller
@RequestMapping("/product")
public class ProductController {

    // SpringSecurity的配置
    @Secured({"ROLE_PRODUCT","ROLE_ADMIN"})
    // jsr250的
    // @RolesAllowed({"ROLE_PRODUCT","ROLE_ADMIN"})
    // spring的，需要开启el表达式的支持，
    // 也就是security-http里面的expression设置为true
    // @PreAuthorize("hasAnyRole('ROLE_ADMIN','ROLE_PRODUCT')")
    @RequestMapping("/findAll")
    public String findAll(){
        return "product-list";
    }

    @GetMapping("user")
    public SysUser getUser(){

        // 直接获取用户名
//        System.out.println(SecurityContextHolder.getContext().getAuthentication().getName());
//
//        SecurityContextHolder.getContext().getAuthentication();
//
//        Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();

        // 获取认证的对象，也就是自己的User，可以强转
        SysUser user = (SysUser) SecurityContextHolder.getContext().getAuthentication().getPrincipal();

        return user;
    }
}
